Illuminating shadow passwords
Why shadow passwords? Simply put, the shadow password scheme addresses the major shortcoming of the original Unix password-handling scheme, the fact that the password list was stored as a world-readable file.
The encoding mechanism for Unix passwords was (and is) very secure, being a one-way algorithm and therefore easy to apply but impossible to reverse. However, the password file itself is vulnerable to a cracking technique known as a dictionary attack, in which all the words from a large dictionary file are encoded and compared with the encoded password (readable by any user, remember) in /etc/passwd. This dictionary file is usually based on a normal English-language dictionary, with the addition of slang and weak passwords like "gandalf," "xyzzy," "qwerty," or even (God help us) "password." If the two match, then the original unencoded word is the password.
This may sound simple, but it takes a while to run the tens, or hundreds, of thousands of dictionary entries against a single password. Still, it is not extremely difficult with today's high-performance computing systems. Shadow passwords retain the Unix password mechanism and its backward compatibility with the huge Unix application base, while preventing the dictionary attack.
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Sign up »
Ease integration of Unix, Linux and Windows-based computers
Surviving Windows is easier than you think… MKS offers the power of an integrated all-in-one environment and provides you with the Power of UNIX on Windows
Learn More
Brought to you by: |
We have 5 copies of these two new books to give to some lucky readers. The deadline for entries is November 30, 2009.
|
iPhone for Programmers: An App-Driven Approach |
 |
The Google Way |
Priceless! The 25 Funniest Vintage Tech Ads
My oh my, how things have changed. These 25 vintage tech ads are guaranteed to take you back -- and, in most cases, remind you how truly terrible our tastes once were. Click ahead, and enjoy the shame-free trip down memory lane.
AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.
In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.
On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.
